url: Added bounds checking to parse_login_details()

Added bounds checking when searching for the separator characters within the login string as this string may not be NULL terminated (For example it is the login part of a URL). We do this in preference to allocating a new string to copy the login details into which could then be passed to parse_login_details() for performance reasons.
2025-03-19 15:40:42 +08:00 · 2013-04-19 19:37:55 +01:00 · 2013-04-19 19:37:55 +01:00 · 49184c3723
commit 49184c3723
parent cc7f6a2ddf
1 changed files with 12 additions and 2 deletions
--- a/lib/url.c
+++ b/lib/url.c
@ -4482,13 +4482,23 @@ static CURLcode parse_login_details(const char *login, const size_t len,
  size_t olen;

  /* Attempt to find the password separator */
-  if(passwdp)
+  if(passwdp) {
    psep = strchr(login, ':');

+    /* Within the constraint of the login string */
+    if(psep >= login + len)
+      psep = NULL;
+  }
+
  /* Attempt to find the options separator */
-  if(optionsp)
+  if(optionsp) {
    osep = strchr(login, ';');

+    /* Within the constraint of the login string */
+    if(osep >= login + len)
+      osep = NULL;
+  }
+
  /* Calculate the portion lengths */
  ulen = (psep ?
          (size_t)(osep && psep > osep ? osep - login : psep - login) :